Posted to api@directory.apache.org by Karim Hosny <ka...@its.ws> on 2015/03/26 08:49:09 UTC

Adding user to Active Directory with Kerberos binding

Hi,

So I got the certificates working and Apache Directory working fine over a secure connection using startTLS and I'm able to add users, but I also need to bind using Kerberos and add users, and it fails when I try it. My guess is that it probably requires a call to startTLS, but from what I understood you either connect using startTLS or saslGssApi, correct?

How can I bind using Kerberos and be able to perform secure sensitive operations?

Thanks,
Karim


RE: Adding user to Active Directory with Kerberos binding

Posted by Karim Hosny <ka...@its.ws>.
Got it, thanks Kiran



Re: Adding user to Active Directory with Kerberos binding

Posted by Kiran Ayyagari <ka...@apache.org>.
On Thu, Mar 26, 2015 at 9:30 PM, Karim Hosny <ka...@its.ws> wrote:

>
> Let me rephrase my question.
>
> When I use SaslGssApi it means that I use Kerberos for authentication to
> the LDAP server. Now, doesn't this authentication process use a secure
> connection, or is it done in plain text? And if it does use a secure
> connection, then I shouldn't call the method startTLS() to create a secure
> layer, right?
>
It is performed on an unsecured connection, and Kerberos doesn't need a
secure connection.




-- 
Kiran Ayyagari
http://keydap.com

RE: Adding user to Active Directory with Kerberos binding

Posted by Karim Hosny <ka...@its.ws>.
Let me rephrase my question.

When I use SaslGssApi it means that I use Kerberos for authentication to the LDAP server. Now, doesn't this authentication process use a secure connection, or is it done in plain text? And if it does use a secure connection, then I shouldn't call the method startTLS() to create a secure layer, right?


Re: Adding user to Active Directory with Kerberos binding

Posted by Kiran Ayyagari <ka...@apache.org>.
On Thu, Mar 26, 2015 at 9:06 PM, Karim Hosny <ka...@its.ws> wrote:

>
>
> Hi Kiran,
>
> I didn't get any errors; I'm just not sure that the proper way to create a
> secure connection over Kerberos authentication is calling the method
> startTLS.
>
> I tried to call startTLS after successful Kerberos authentication and it
> worked fine, but is it the proper way? Should SaslGssApi create the startTLS?
> I believe Kerberos authentication requires creating a secure communication
> to transfer the tickets, correct?
>
Sorry, this is a very vague question; I can't explain how you can use
Kerberos here. You need to do your homework on what you want to achieve and
be precise on where you are stuck, then it is easier to help if we can.




-- 
Kiran Ayyagari
http://keydap.com

RE: Adding user to Active Directory with Kerberos binding

Posted by Karim Hosny <ka...@its.ws>.

Hi Kiran,

I didn't get any errors; I'm just not sure that the proper way to create a secure connection over Kerberos authentication is calling the method startTLS.

I tried to call startTLS after successful Kerberos authentication and it worked fine, but is it the proper way? Should SaslGssApi create the startTLS? I believe Kerberos authentication requires creating a secure communication to transfer the tickets, correct?

Karim

Re: Adding user to Active Directory with Kerberos binding

Posted by Kiran Ayyagari <ka...@apache.org>.
On Thu, Mar 26, 2015 at 3:49 PM, Karim Hosny <ka...@its.ws> wrote:

> Hi,
>
> So I got the certificates working and Apache Directory working fine over
> a secure connection using startTLS and I'm able to add users, but I also
> need to bind using Kerberos and add users, and it fails when I try it. My
> guess is that it probably requires a call to startTLS, but from what I
> understood you either connect using startTLS or saslGssApi, correct?
>
Bind using SaslGssApiRequest, and let us know what error you got.

>
> How can I bind using Kerberos and be able to perform secure sensitive
> operations?
>
> Thanks,
> Karim
>
>


-- 
Kiran Ayyagari
http://keydap.com
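
Added example, not part of the original thread and not the Apache Directory project's own code: one way to combine the two mechanisms discussed above with the Apache Directory LDAP API, upgrading the connection with startTls() before the SaslGssApiRequest bind so that the add travels over the encrypted channel. The host names, realm, account, environment variable and DN are constructed placeholders, and the StartTLS-then-bind order is an assumption of this example.

```java
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import org.apache.directory.api.ldap.model.constants.SaslQoP;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.SaslGssApiRequest;

public class KerberosBindOverStartTls {
    public static void main(String[] args) throws Exception {
        // Validate the server certificate against the JVM default trust store
        // instead of relying on whatever the client library defaults to.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost("dc1.example.test");        // placeholder host
        config.setLdapPort(389);                        // plain LDAP port, upgraded below
        config.setTrustManagers(tmf.getTrustManagers());

        try (LdapNetworkConnection conn = new LdapNetworkConnection(config)) {
            conn.connect();
            conn.startTls();                            // encrypt before any bind or add

            SaslGssApiRequest req = new SaslGssApiRequest();
            req.setUsername("provisioner");             // placeholder principal
            req.setCredentials(System.getenv("LDAP_BIND_PASSWORD")); // hypothetical variable
            req.setRealmName("EXAMPLE.TEST");           // placeholder realm
            req.setKdcHost("kdc.example.test");         // placeholder KDC
            req.setKdcPort(88);
            req.setQualityOfProtection(SaslQoP.AUTH);   // TLS provides the channel protection

            BindResponse resp = conn.bind(req);
            if (resp.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
                throw new IllegalStateException("GSSAPI bind failed: "
                    + resp.getLdapResult().getDiagnosticMessage());
            }

            // Constructed sample entry; attribute set depends on the directory schema.
            Entry user = new DefaultEntry("cn=Test User,ou=People,dc=example,dc=test",
                "objectClass: top", "objectClass: person",
                "cn: Test User", "sn: User");
            conn.add(user);
        }
    }
}
```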